1. Field of the Invention
The present invention relates to an apparatus and method to encrypt data having hierarchical information.
2. Description of the Related Art
With the wide spread of digital media data, protection of copyright becomes more important. If the copyright is not appropriately protected, content providers cannot provide adequate service, and consequently, digital media service business cannot be developed. Furthermore, protection of the copyright must be applied to even a small part of the data as well as the entire data. For example, it is necessary to protect a single frame (a still image) of video data. MACROVISION is usually used for the protection of analog data. A method of encrypting the data using codes is usually used for the protection of the digital data. Various encryption algorithms can be used for encryption of the digital data. The encryption algorithm may be a simple one based on a private key and an XOR operation or a complex one based on a single private key (symmetric) or a private and public key pair (asymmetric). At present, symmetric encryption algorithms are generally used for digital media data in terms of complexity, convenience, and security. In symmetric algorithms, a single key or a plurality of periodically changing keys is used to encrypt the entire media data.
Media services have been developed in various ways. For example, a video on demand (VOD) service allows a user to watch or download only a part (several key frames or a 30-second key clip) of a video instead of the entire video. In addition, international standards (for example, a moving picture experts group 7 (MPEG-7)) have been established in order to enable users to watch or download only a part of the video. The international standards include a video content description containing hierarchical structure information of the video. The most important purpose of such standardization is to allow the various media services to be based on standard meta-data specifications.
Hereinafter, problems in conventional technology will be described with reference to the attached drawings.
FIG. 1 is a diagram showing structures of the encrypted data used in conventional methods of encrypting the media data. The conventional methods of encrypting the media data include a single key encryption 11 and a multi-key encryption 12. In the single key encryption 11, the entire media data or a subset of the media data is encrypted using a single key K. In the multi-key encryption 12, the entire media data or a subset of the media data is encrypted using a plurality of keys K1 and K2. In the multi-key encryption 12, usually, the keys K1 and K2 are periodically or nonperiodically changed. It is usual to put a flag in the media data in order to report a change of a key. Generally, the keys K1 and K2 are not highly related to the media data to be encrypted.
Generally, the media data is encrypted using a symmetric code. Because an asymmetric code requires a much more complex key generation algorithm and a bigger key size than the symmetric code, the asymmetric code is inappropriate for the encryption of the media data, which requires fast processing of a large amount of data. When a symmetric code is used, the same private key is used for both encryption and decryption.
FIG. 2 is a block diagram of a conventional apparatus to encrypt the media data. The conventional apparatus to encrypt the media data includes a key generator 21, a key buffer 22, a data encryptor 23, a key encryptor 24, a storage block 25, and a transmitter 26.
The key generator 21 generates the keys used to encrypt the media data. The key buffer 22 temporarily stores and provides the keys to the data encryptor 23 or the key encryptor 24 when the keys are needed. The data encryptor 23 encrypts the data using the provided keys. The key encryptor 24 encrypts the keys. The storage block 25 stores the encrypted media data and the encrypted keys. The transmitter 26 transmits the encrypted media data and the encrypted keys stored in the storage block 25.
FIG. 3 is a block diagram of a conventional apparatus for decrypting the media data. The conventional apparatus for decrypting the media data includes a receiver 31, a key decryptor 32, a key buffer 33, and a data decryptor 34.
The receiver 31 receives the encrypted data and the keys from the transmitter 26 shown in FIG. 2. The key decryptor 32 decrypts the encrypted keys. The key buffer 33 temporarily stores and provides the decrypted keys to the data decryptor 34 when the decrypted keys are needed. The data decryptor 34 decrypts the encrypted data using the keys.
As shown in FIGS. 2 and 3, when a symmetric code encryption is used, a server and a client need to share the key for the encryption and the decryption. In media service servers, the media data is encrypted using the single key or the plurality of keys. After being used for the media encryption, the key is encrypted using another key. The encrypted media data and the encrypted key are transmitted to the client. The client receives the encrypted media data and the key. Thereafter, the encrypted key is decrypted, and then the encrypted media data is decrypted using the decrypted key.
If a satisfactory environment for digital data service is established, the user can initially order only several key frames of different media data and reproduce the key frames and then order only the media data corresponding to a key frame to the user's taste. For such a scenario, it is necessary to protect the data (i.e., the key frames and key clips). However, the conventional apparatuses shown in FIGS. 2 and 3 do not effectively support a situation in which a part of the data is transmitted and received. In other words, when only the single key is used to encrypt the entire data, the data can be easily hacked. In the meantime, when the plurality of keys are used, bandwidth or memory space is unnecessarily required for the key transmission.
For example, 1-hour video data can be expressed as a tree structure in which the key frame is defined as a leaf, the entire video data is defined as a root, a key clip is defined as an intermediate node, and a parent is defined as including a child. In the tree structure, the key clip and the key frame are elements representing semantically important parts of the entire video data. The tree structure is stated in an international standard specification such as MPEG-7. More flexible media services can be provided based on the tree structure. For example, the user may want to watch or download only the key clip including essential key frames instead of the entire video data, or the user may order only several frames of the video data or request a preview composed of several key clips of different video data before deciding to watch or download the entire video data. In this scenario, all of the video data pieces (i.e., the key frames and the key clips) need to be transmitted under protection. However, conventional encryption methods do not satisfactorily support the protection because the encryption methods do not consider the hierarchical information of the video data.
FIG. 4 is a structural diagram of a conventional method of encrypting the video data. With development of various types of the media services (for example, VOD) based on the content of the media data and the user's taste, a media data encryption method that can support the various types of media services is required. Conventional encryption methods have the following two problems.
First, the conventional encryption methods are vulnerable to hacking when the single key is used for the encryption. In other words, when the single key is used for the encryption, the same encryption key is used for the key frame, the key clip, and the entire video data. Accordingly, once the encryption key for the key frame or the key clip is received by the user, the entire video data can be decrypted using the received encryption key. Consequently, the media data can be easily hacked.
Second, even if the plurality of keys are used for the encryption, the conventional encryption methods have a problem in that a wide bandwidth is required for key transmission when the encryption is performed without considering hierarchical information of the media data in media services. In other words, when the plurality of keys are used for the encryption, different encryption keys are used for the video data in different layers of a hierarchical structure in order to overcome the problem occurring in the method using the single key, so the wide bandwidth is required. For example, when the video data is structured in three layers, i.e., the key frame, the key clip, and the entire video data, assume that the data portion of the key frame is referred to as A data, the data portion of the key clip, except the key frame, is referred to as B data, and the data portion of the entire video data, except the key frame and the key clip, is referred to as C data. Then, the A data can be encrypted using the key K1, the B data can be encrypted using the key K2, and the C data can be encrypted using a key K3. Accordingly, in order to decrypt the key frame, the key K1 is needed. In order to decrypt the key clip, the keys K1 and K2 are needed. In order to decrypt the entire video data, the keys K1, K2, and K3 are needed. In this case, when considering the hierarchical structure of the video data, unnecessary key transmission is performed.
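The two problems described above can be reproduced with the A, B, and C data of this example. The following Python sketch is an added illustration and is not part of the original document; the sample data, the function names (seal, unseal, package, keys_for, readable), and the SHA-256 keystream with an HMAC tag that stands in for a real symmetric cipher are assumptions made for the illustration.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # SHA-256 in counter mode: a stand-in keystream, not a vetted cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(b"enc" + key, nonce, len(data))))
    tag = hmac.new(b"mac" + key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(b"mac" + key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None          # wrong key (or tampered data)
    return bytes(a ^ b for a, b in zip(ct, _stream(b"enc" + key, nonce, len(ct))))

# Constructed sample content for the three data portions named in the text.
LAYERS = {"A": b"key frame", "B": b"key clip minus key frame", "C": b"remaining video"}
PRODUCTS = {"key_frame": "A", "key_clip": "AB", "entire_video": "ABC"}

def package(layer_keys):
    return {name: seal(layer_keys[name], data) for name, data in LAYERS.items()}

def keys_for(product, layer_keys):
    # Distinct keys the server has to transmit for this purchase.
    return {layer_keys[name] for name in PRODUCTS[product]}

def readable(blobs, held_keys):
    return sorted(n for n, b in blobs.items()
                  if any(unseal(k, b) is not None for k in held_keys))

K = os.urandom(32)
single = {"A": K, "B": K, "C": K}                   # single key encryption
multi = {n: os.urandom(32) for n in LAYERS}         # K1, K2, K3

if __name__ == "__main__":
    for label, keys in (("single", single), ("multi", multi)):
        blobs = package(keys)
        for product in PRODUCTS:
            sent = keys_for(product, keys)
            print(label, product, "keys sent:", len(sent), "readable:", readable(blobs, sent))
```

With the single key, the key delivered for the key frame also opens the B and C data; with K1, K2, and K3, each purchase is confined to its own layers, but the number of keys transmitted grows with the depth of the layer ordered.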